overlay Archives

AppWizard

March 19, 2026

New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data

Cybersecurity researchers have identified a new family of Android malware called Perseus, designed for device takeovers and financial fraud. It utilizes Accessibility-based remote sessions for real-time monitoring and interaction with infected devices, particularly targeting Turkey and Italy. Perseus monitors user notes to extract personal or financial information and is distributed through dropper applications via phishing websites. It expands on the codebase of previous malware like Phoenix and employs disguises as IPTV services to reduce user suspicion. Once operational, it performs overlay attacks and captures keystrokes to steal credentials from financial applications. The malware allows operators to issue commands through a command-and-control panel, enabling various malicious actions, including capturing note content and initiating remote visual streams. Perseus also conducts environment checks to evade detection and ensure it operates on legitimate devices.

AppWizard

March 19, 2026

New Android malware hiding in streaming apps to spy on users’ personal notes

Researchers have discovered a sophisticated malware called Perseus that targets Android users by disguising itself within television streaming applications to steal sensitive information, including passwords and banking details. This malware, reported by ThreatFabric, primarily affects users in Turkey and Italy and is based on the leaked code of previous Android banking trojans, particularly Cerberus. Perseus masquerades as IPTV service apps, often downloaded from unofficial sources, and employs overlay attacks and keylogging techniques to capture user credentials. It specifically targets personal note-taking applications like Google Keep, Evernote, and Simple Notes to extract sensitive information stored within them. The malware landscape is evolving, with new threats like the banking trojan Herodotus and the Crocodilus variant, which can manipulate contact lists. Users are advised to be cautious when downloading applications from unofficial sources.

AppWizard

March 19, 2026

Google is quietly testing a Discover tab in Gemini, alongside a host of UI changes

The latest beta version of the Google app (17.10.54.sa.arm64) has introduced several updates to the Gemini user interface, including a new "Discover" tab in the sidebar that currently leads to an empty page. The sidebar may be redesigned for a more streamlined layout, featuring a settings shortcut at the bottom. Gemini's "Thinking" responses will now be presented in a bottom sheet format for improved clarity. The sidebar serves as a navigation tool, allowing users to switch between chats and access app sections, with some variations tested appearing unfinished. One version successfully loads chat history and includes minor UI adjustments that align with the web interface design. The Gemini overlay has also been refined to separate input and responses, adding a prominent close button and repositioning the voice output feature. Not all features from the APK teardown may be included in the public release.

BetaBeacon

March 18, 2026

Google rolls out AI-powered Play Games Sidekick for Android

Google has introduced Play Games Sidekick, an AI-powered assistant for Android gamers that provides real-time gameplay tips and supports features like Game Trials.

AppWizard

March 17, 2026

Expert Names Top 7 Android Weather Apps for Every User

After extensive testing, seven Android weather applications were identified as reliable for diverse forecasting needs. The accuracy of multi-day forecasts has improved significantly, with five-day predictions now comparable to three-day forecasts from a decade ago. The apps selected offer a mix of scientific rigor and user-friendly design, featuring various forecast models, clear visualizations, and dependable alerts. 1. A graph-centric app provides detailed weather insights through meteograms that visualize hourly and daily data, enhancing pattern recognition. 2. Breezy Weather is an open-source app that balances clarity and depth, displaying current conditions with animations and organized hourly/daily cards. 3. Weather Master offers multiple forecast models, customization options, and plain-language insights about significant weather risks. 4. Weather & Radar focuses on real-time tracking and alerts, utilizing radar-centric design for dynamic weather conditions. 5. Zoom Earth provides global satellite views and fire data, visualizing storms and environmental conditions with clarity. 6. Tropical Hurricane Tracker compiles advisories and discussions on cyclones, offering detailed data and accessible explanations for users. 7. Avia decodes METARs and TAFs from airports worldwide, providing precise weather information crucial for pilots. A comprehensive weather toolkit combines model-driven forecasts, real-time updates, and specialized tools for tropical systems and aviation reports.

BetaBeacon

March 15, 2026

Google Launches Play Games Sidekick AI for Android Gaming

Play Games Sidekick is an intelligent gaming overlay for supported Android games that provides AI gameplay tips, achievement tracking, streaming and content tools, and a seamless in-game overlay. At launch, it supports more than 90 Android games with plans to expand support for more titles in the future. This feature aims to improve the Android gaming experience by helping new players learn games faster, competitive players improve their strategies, and content creators record and share gameplay more easily.

AppWizard

March 13, 2026

Google Play Levels Up On PC With Game Trials And Android Cross-Platform Purchases

Google has announced plans to extend its mobile gaming catalog to PC users by introducing a dedicated PC section within the Play Store Games tab for Android games optimized for Windows PCs. This initiative includes select paid games such as Dungeon Crawler, Dredge, and Reigns, with purchases made on Android granting access to the PC version. Certain paid titles will receive free game trials on Android, with similar offerings planned for PC. Google Play will also introduce Community Posts for popular games, allowing player engagement, and the Play Games Sidekick will provide AI-generated tips for select paid games.

AppWizard

March 12, 2026

Fake Red Alert app used in Android spyware smishing

Acronis' Threat Research Unit has discovered a targeted campaign against Android users involving a counterfeit version of Israel's Red Alert rocket warning app that distributes spyware. The malicious software is spread through SMS messages that appear to be official communications from the Home Front Command, prompting users to download an "update." The fraudulent app mimics the legitimate safety tool, maintaining its rocket alert functionality to avoid detection. Once installed, the spyware collects sensitive data such as SMS messages, contacts, location information, device accounts, and a list of installed applications. This tactic, termed "smishing," combines SMS and phishing techniques. The malware uses sophisticated methods like certificate spoofing and runtime manipulation to bypass Android's signature checks, and it consists of a loader and a secondary component that executes the real alert application while the spyware operates in the background. The spyware monitors user permissions and can harvest SMS messages, contacts, and location data, adjusting its behavior based on the user's geographical position. It sends collected data to a remote command-and-control server, with the exfiltration endpoint identified as ra-backup[.]com. Acronis suggests this campaign may be linked to the group Arid Viper (APT-C-23), known for targeting Israeli interests with trojanized Android applications. Researchers recommend users only download apps from official sources, avoid sideloading packages from SMS links, and review app permissions carefully. They advise checking for the package name com.red.alertx on devices and performing a factory reset if found, along with changing credentials for any accessed accounts.

BetaBeacon

March 12, 2026

Google just made Android gaming much more immersive – free update is a literal game-changer

Google Play Games Sidekick is now available in over 90 games, offering instant access to a variety of game features such as device controls, streaming, AI-powered gaming tips, and capture and sharing options.

AppWizard

March 12, 2026

Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets

Cybersecurity researchers have identified six new families of Android malware designed to extract sensitive data and facilitate financial fraud. Notable threats include: - PixRevolution: Targets Brazil's Pix payment platform, activates during Pix transfers, and uses real-time monitoring to intervene in transactions. Victims are tricked into installing malicious apps from counterfeit Google Play Store listings, which enable accessibility services for the malware to capture screens and overlay fake interfaces to reroute funds. - BeatBanker: Spreads through phishing attacks disguised as legitimate Google Play Store pages. It uses an inaudible audio loop for persistence, functions as a banking trojan, and includes a cryptocurrency miner. It creates deceptive overlays for platforms like Binance and Trust Wallet to divert funds and can monitor web browsers and execute remote commands. - TaxiSpy RAT: Exploits accessibility services to gather sensitive information such as SMS messages and call logs, targeting banking and cryptocurrency applications with overlays for credential theft. It employs advanced evasion techniques like native library encryption and real-time remote control. - Mirax: A private malware-as-a-service (MaaS) offering with a subscription model that provides tools for banking overlays and information gathering, including keystrokes and SMS. - Oblivion: Another Android RAT available at a competitive price, featuring capabilities to bypass security measures on various devices. - SURXRAT: Distributed through a Telegram-based MaaS ecosystem, it uses accessibility permissions for persistent control and communicates with a Firebase-based command-and-control infrastructure. Some samples incorporate a large language model component, indicating experimentation with AI by threat actors.